CVE-2023-33568
Published 2023-06-13
Priority: P2 · 64 · High · 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploit: EPSS 14.94% (96.3rd percentile)
An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dolibarr | dolibarr | >= 16.0.0 < 16.0.5 | 16.0.5 |
| dolibarr | dolibarr_erp_crm | >= 16.0.0 < 16.0.5 | 16.0.5 |
Detection & IOCs (extracted from sources)
- HTTP GET request to the unauthenticated endpoint /public/ticket/ajax/ajax.php with action=getContacts and a wildcard email parameter (email=%) triggers the database dump. A 200 response whose body contains both '"database_name":' and '"database_user":' confirms exploitation.
- Affected versions are Dolibarr 16 before 16.0.5. The dump includes public and private notes in addition to customer, prospect, supplier, and employee contact data.
- Exploitation requires that a contact file exists on the target Dolibarr instance; if no contact file is present, the attack path is not available.
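A defender-side triage helper for the indicator above, added here as an example (not from the page's sources or the Dolibarr project): it parses combined-format web-server access logs and labels each request to the endpoint, treating a wildcard email with a 200 response as a likely dump. Access logs do not carry response bodies, so the '"database_name"' check is not available here and status plus response size is the heuristic; the log lines are constructed.

```python
# Added example for CVE-2023-33568 triage; not from the page's sources or the Dolibarr project.
import re
from urllib.parse import urlsplit, parse_qs

# Constructed combined-format access-log lines (illustrative, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [13/Jun/2023:10:02:11 +0000] "GET /public/ticket/ajax/ajax.php?action=getContacts&email=%25 HTTP/1.1" 200 48213 "-" "curl/7.88.1"
198.51.100.4 - - [13/Jun/2023:10:05:40 +0000] "GET /public/ticket/ajax/ajax.php?action=getContacts&email=alice%40example.com HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.9 - - [13/Jun/2023:10:06:02 +0000] "GET /public/ticket/index.php HTTP/1.1" 200 9031 "-" "Mozilla/5.0"
203.0.113.8 - - [13/Jun/2023:10:07:30 +0000] "GET /public/ticket/ajax/ajax.php?action=getContacts&email=%25 HTTP/1.1" 404 210 "-" "python-requests/2.31.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)
VULN_PATH = "/public/ticket/ajax/ajax.php"  # unauthenticated endpoint named in the IOC


def classify(line):
    """Return None for lines not hitting the endpoint, else a dict with a verdict:
    'likely_dump' = wildcard email and HTTP 200 (the IOC above),
    'attempt'     = wildcard email without a 200 (patched, blocked or absent),
    'lookup'      = getContacts with a concrete email (endpoint is unauthenticated on 16.x)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    if url.path != VULN_PATH:
        return None
    qs = parse_qs(url.query, keep_blank_values=True)
    if qs.get("action") != ["getContacts"]:
        return None
    email = qs.get("email", [""])[0]  # parse_qs percent-decodes, so %25 becomes %
    wildcard = "%" in email           # SQL LIKE wildcard named in the IOC
    status = int(m["status"])
    verdict = "likely_dump" if wildcard and status == 200 else "attempt" if wildcard else "lookup"
    return {"ip": m["ip"], "ts": m["ts"], "status": status,
            "bytes": 0 if m["size"] == "-" else int(m["size"]), "verdict": verdict}


def scan(log_text):
    """Classify every line and keep only the relevant ones."""
    return [r for r in (classify(l) for l in log_text.splitlines()) if r]


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Large byte counts on a 'likely_dump' hit are worth correlating with the Dolibarr version and with the presence of contact files, since the page notes the path is only available when a contact file exists.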
CVSS provenance
- nvd: v3.1 7.5 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- osv: 7.5 HIGH
OSV
CVE-2023-33568: An issue in Dolibarr 16 before 16
osv · 2023-06-13 · CVSS 7.5 · HIGH
An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists.
GHSA
Dolibarr vulnerable to unauthenticated database access
ghsa · 2023-06-13 · HIGH · CWE-200
An issue in Dolibarr v16.0.0 to v16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists.
OSV
Dolibarr vulnerable to unauthenticated database access
osv · 2023-06-13 · HIGH
An issue in Dolibarr v16.0.0 to v16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists.
No detection rules found.
Nuclei
Dolibarr Unauthenticated Contacts Database Theft
nuclei · CVSS 7.5 · HIGH
An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists.
Template:

```yaml
id: CVE-2023-33568
info:
  name: Dolibarr Unauthenticated Contacts Database Theft
  author: DhiyaneshDK
  severity: high
  description: |
    An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists.
  impact: |
    The attacker can access and steal sensitive information from the contacts database, potentially leading to data breaches and privacy violations.
  remediation: |
    Apply
```
Metasploit
Dolibarr 16 pre-auth contact database dump
metasploit
Dolibarr version 16 < 16.0.5 is vulnerable to a pre-authentication contact database dump. An unauthenticated attacker may retrieve a company's entire customer file, prospects, suppliers, and potentially employee information if a contact file exists. Both public and private notes are also included in the dump.
References
- https://github.com/Dolibarr/dolibarr/commit/bb7b69ef43673ed403436eac05e0bc31d5033ff7
- https://github.com/Dolibarr/dolibarr/commit/be82f51f68d738cce205f4ce5b469ef42ed82d9e
- https://www.dolibarr.org/forum/t/dolibarr-16-0-security-breach/23471
- https://www.dolibarr.org/forum/t/dolibarr-16-0-security-breach/23471/1
- https://www.dsecbypass.com/en/dolibarr-pre-auth-contact-database-dump/